漏洞报告
【Internet Bug Bounty 4,000 USD】Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
https://hackerone.com/reports/1394916
【Rockset】Failure to Invalid Session after Password Change
https://hackerone.com/reports/957557
【Rockset】A member-member privilege could access the https://console.rockset.com/billing?tab=payment page even though the billing page is hidden from the menu
https://hackerone.com/reports/946384
挖洞技巧
Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over
https://secreltyhiddenwriteups.blogspot.com/2021/11/becoming-super-admin-in-someone-elses.html
挖洞工具
A burp-suite plugin that extract all parameter names from in-scope requests
https://github.com/Co0nan/ParamsExtractor
